Author: nion
Date: 2009-04-17 12:07:38 +0000 (Fri, 17 Apr 2009)
New Revision: 11643

Modified: data/CVE/list
Log:
- CVE-2009-1273 doesn't affect us
- CVE-2009-0587 fixed in evolution-data-server 2.24.5-2
- CVE-2008-4308 fixed in tomcat5.5 5.5.23-1

Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-04-17 11:01:09 UTC (rev 11642) +++ data/CVE/list 2009-04-17 12:07:38 UTC (rev 11643) @@ -154,7 +154,7 @@ CVE-2007-6726 (Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and ...) NOT-FOR-US: Dojo CVE-2009-1273 (pam_ssh 1.92 and possibly other versions, as used when PAM is compiled ...) - TODO: check + - pam <not-affected> (we don''t compile pam with USE=ssh) CVE-2009-1272 (The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x ...) - php5 5.2.6.dfsg.1-3 - php4 <not-affected> (this is caused by the fix for CVE-2008-5658, which was not applied to php4) @@ -2906,7 +2906,8 @@ CVE-2009-0588 RESERVED CVE-2009-0587 (Multiple integer overflows in Evolution Data Server (aka ...) - TODO: check + - evolution-data-server 2.24.5-2 (medium) + NOTE: this version doesnt fix the overflows but uses the glib functions for decoding instead CVE-2009-0586 (Integer overflow in the gst_vorbis_tag_add_coverart function ...) - gst-plugins-base0.10 0.10.22-4 [lenny] - gst-plugins-base0.10 <not-affected> (Vulnerable lib calls not present) @@ -8642,7 +8643,7 @@ {DSA-1663-1} - net-snmp 5.4.1~dfsg-11 (bug #504150) CVE-2008-4308 (The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 ...) - TODO: check + - tomcat5.5 5.5.23-1 (low) CVE-2008-4307 (Race condition in the do_setlk function in fs/nfs/file.c in the Linux ...) - linux-2.6 2.6.26-1 - linux-2.6.24 <removed>
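
Review bot: In the @@ -154,7 +154,7 @@ hunk, the rationale on the new CVE-2009-1273 line, "(we don''t compile pam with USE=ssh)", is phrased in terms of a USE flag, which is a Gentoo build option rather than a property of the package this list tracks; suggest restating it as what is true of the package itself, for example that the pam source package does not build or ship pam_ssh. The entry also covers only pam, while the description names pam_ssh 1.92 directly, so if pam_ssh is shipped by a separate source package in the archive it needs its own line before the TODO counts as resolved.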
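
Review bot: In the @@ -2906,7 +2906,8 @@ hunk, the CVE-2009-0587 entry records 2.24.5-2 as the fixed version while the NOTE beneath it says the overflows themselves are not fixed, so the NOTE should state whether the old decoding functions are still built and reachable by other callers; if they are, the version annotation overstates the fix. The neighbouring CVE-2009-0586 entry carries a [lenny] line and this one says nothing about stable releases, so adding that status, plus a bug or changelog reference for 2.24.5-2, would let a reader verify the (medium) rating.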
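
Review bot: In the @@ -8642,7 +8643,7 @@ hunk, the new CVE-2008-4308 line covers only tomcat5.5, but the description lists Tomcat 4.1.32 through 4.1.34 as affected as well; if a package for the 4.1 series is or was in the archive it should get its own line (a fixed version, <not-affected> or <removed>, as the CVE-2008-4307 entry below does for linux-2.6.24). There is also no bug number or NOTE explaining why 5.5.23-1 is the first fixed version, unlike the net-snmp line above with "(bug #504150)", so a short reference would make the (low) triage checkable.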